Over the next few weeks, our team at Respond Software will be writing a series of articles on topics critical to today’s Security Operation Center (SOC). We’ll start by exploring challenges faced by most enterprise teams across numerous dimensions, from strategic to technical, while incorporating thoughts from many veteran sources.
Our team has worthy credentials to address these topics including:
- Over 20 hands-on SOC builds
- Primary authorship of SOC frameworks used in nearly one hundred additional operational implementations
- 33+ counter nation state investigations
- Decades of active management in security operation centers and computer incident response teams
- Experience supplying technology to thousands of security teams worldwide
Two Clear Mega Trends Emerging
These topics are more important than ever. Threats are increasing. We don’t give it a second thought when a well-funded, sophisticated nation state is the source of a breach. And, two clear mega trends are straining enterprise and agency SOC teams to deal with these threats:
- A severe shortage in skilled security personnel
- Exponential growth in data from technologies meant to help the situation
Because almost every SOC relies on people to “connect the dots” between security alerts, contextual sources and impact to organizations, most are falling behind. And this inability to catch up creates a gap that demands more than what’s being offered today.
We know SOCs are trying and are plenty busy with all sorts of things. In fact, level-1 analysts, either in the enterprise or at the MSSP, are staring at SIEM consoles trying to decipher signals from noise. Senior analysts are querying and mining specialized databases. And, red alerts from the millions of dollars sunk into detection technologies sound incessantly.
But did your SOC catch a bad guy today?
We believe that overcoming the gap mentioned above is of critical importance for the success of our Security Operation Centers. Newer technology holds promise to help the SOC meet its objectives. However, it’s important to name the challenges and shortcomings of today’s SOC so we can effectively address the situation. So, we first offer our point of view on the state of Security Operation Centers and their broader role for teams large and small. We invite you to play a part in the dialog and welcome your comments.
Mike Armistead, CEO and Co-Founder, Respond Software